As organizations embrace digital transformation and blur the boundaries of the corporate network, compliance with the Payment Card Industry Data Security Standard (PCI DSS) has become increasingly complex. Zscaler's mission is to help organizations secure customer payment data in accordance with PCI DSS. Here are some of the ways we ensure data protection in accordance with the EU Standard Contractual Clauses: This GDPR and Privacy Shield Policy (“Policy”) describes how Zscaler, Inc. and its subsidiaries (“Zscaler” or “we”) collect, use and disclose certain personal data that we receive in the United States (“United States”) from the European Union (EU) and/or Switzerland (the “Personal Data”). This policy supplements Zscaler's privacy policy at www.zscaler.com/company/privacy-policy, and except as expressly defined in this policy, the terms of this policy have the same meanings as in Zscaler's privacy policy. Transaction data is stored only in memory and is never written to disk. Customers can specify that logs are written to disk in a physical location that complies with regional regulations. Cloud Browser Isolation allows you to stream data to BYOD devices only as pixels, allowing secure access and viewing while preventing downloading, copying, and printing. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which was adopted on 25 September 2016 and entered into force in May 2018, is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify the protection of the data of individuals within the European Union (EU).

It also deals with the transfer of personal data outside the EU. The main objectives of the GDPR are (i) to improve the protection of EU personal data and (ii) to simplify the regulatory environment for international companies by imposing uniform data protection requirements on all EU members. Gain complete visibility into shadow IT, block risky applications, and quickly identify dangerous data sharing, all with a single, unified DLP strategy. Cloud applications improve productivity, but don't provide enough visibility into data access or sharing. Complying with HIPAA regulations and protecting sensitive patient data can be challenging as patient care methods continue to evolve. Zscaler helps healthcare organizations improve their security posture and enforce consistent security and access policies for all users, regardless of where their users work with patients – in a healthcare facility, online, or via a mobile device. In addition, Zscaler maintains its certification for the EU-US and Switzerland-US Privacy Shield Frameworks. Although Zscaler does not rely on the EU-US Privacy Shield Framework as the legal basis for the transfer of personal data in light of the Court of Justice ruling in Case C-311/18, we are committed to complying with the EU-US Privacy Shield Framework.

We understand that the message sent by the European judge in the Schrems II case is that, depending on a case-by-case assessment of the circumstances of the specific data transfer, certain additional measures may be necessary to ensure that the law of the country to which the data is transferred does not compromise the adequate level of protection guaranteed by the EU Standard Contractual Clauses. Zscaler is a powerful, cloud-native platform that audits all Internet and SSL traffic, protects all sensitive data during download, and provides users with fast and consistent security regardless of their location. Define what information about your company is classified as personal data and fully understand how this data is stored and processed by your suppliers, partners and third parties. This process will reveal your data footprint. (2) How does Zscaler protect the personal data it processes and/or stores? To help our customers comply with the GDPR, we have compiled a comprehensive, side-by-side view of controller and processor responsibilities: the customer's obligations as a data controller and Zscaler's obligations as a data processor. This chart is a useful tool for our customers to better understand what exactly they need to do to comply with the GDPR and what they can expect from Zscaler. In light of the Schrems II judgment, Zscaler confirms that it will continue to offer its products and services in full compliance with applicable data protection laws.

Zscaler processes personal data in the data center closest to the location of our customers' users (i.e. EU data centers for EU users, U.S. data centers for U.S. users). In the event that an EU user travels to the United States, Zscaler processes their personal data from the nearest data center, which would be located in the United States. We process personal data only for the purpose of providing services to our customers and for any other purpose authorised by the data subject or controller. Zscaler will only process personal data in a manner consistent with the purpose for which Zscaler collected the personal data or for purposes subsequently authorised by the natural or legal person providing the personal data. Before using your personal data for purposes materially different from those for which it was collected or which you subsequently authorised, we will give you the opportunity to unsubscribe. Zscaler maintains reasonable procedures to ensure that personal information is reliable, accurate, complete and up-to-date for the intended use. Zscaler's teams have thoroughly analyzed the GDPR to ensure that our services and agreements comply with the new regulations, and we are also committed to helping you with your compliance efforts.

We've developed a tool that allows customers to better understand what exactly they need to do to comply with the GDPR as a data controller and what they can expect from Zscaler as a data processor. See the table here (PDF). Built from the ground up as a true multi-tenant cloud platform, the Zscaler architecture offers the highest standards of data security. Several design factors make the Zscaler Cloud unique. We use cookies and various traffic tracking technologies to monitor website usage. A cookie is a small piece of data (text file) that a website asks your browser to store when you visit, in order to remember information about you, such as your language setting or credentials. Zscaler support staff will not access a customer's personal information unless that customer has expressly authorized it. This Agreement governs the purchase, access and use of Zscaler Products by Customers. (6) What additional assurances does Zscaler provide to support the use of the EU Standard Contractual Clauses when transferring personal data to the US? No. Because Zscaler is a US-based company that offers a global cloud platform, Zscaler processes personal data worldwide through its network of more than 150 data centers to provide our services.

Zscaler implements physical, technical and organizational security measures to ensure a level of security appropriate to the risk in accordance with the standards of Article 32 of the GDPR. Zscaler is ISO 27001 and System and Organization Controls (SOC) 2, Type II certified and is audited annually by a third party to ensure continued compliance with these certifications. Zscaler regularly tests, assesses and evaluates the effectiveness of its security measures. Upon written request and subject to appropriate confidentiality protection, Zscaler may provide the Customer with a copy of its latest ISO 27001 certificate and/or SOC 2, Type II report. For more information, see www.zscaler.com/privacy-company/compliance. You may have the option to choose binding arbitration to resolve your claim in certain circumstances, provided that you have taken the following steps: (1) submitted your complaint directly to Zscaler and given us an opportunity to resolve the issue; (2) had recourse to the above-mentioned independent dispute resolution mechanism; and (3) resolved the issue through the appropriate data protection authority and given the U.S. Department of Commerce the opportunity to resolve the complaint at no cost to you. For more information about binding arbitration, see U.S. Department of Commerce Privacy Shield Framework: Appendix I (Binding Arbitration) at ec.europa.eu/justice/data-protection/files/annexes_eu-us_privacy_shield_en.pdf. The way Zscaler transfers personal data outside the EU to provide our products and services has not changed. The European judge's decision does not affect how Zscaler provides its products and services, our data feeds or how we store customer logs. In the past, Zscaler has provided its customers with protection for international data transfers under the EU Standard Contractual Clauses and the Privacy Shield Framework.

The EU Standard Contractual Clauses remain valid and the judge expressly confirmed that this mechanism can continue to be used by the company. This Privacy Policy (“Policy”) explains how your information is collected, used and disclosed by Zscaler, Inc. and its affiliates (“Zscaler” or “We”) and applies to the information we collect when you use or access our online website at www.zscaler.com (the “Site”), when you access the content we make available to you (the “Content”), or when you otherwise interact with us….
